CVE-2026-24784

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

CVE-2026-24836

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

PT-2026-5119

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...

PT-2026-5086

The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.2.9 of Podcast Generator has a security vulnerability, which stems from a storage-type XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

EUVD-2026-4864

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....

EUVD-2026-4862

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

CVE-2020-36956

Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...

SUSE CVE-2026-22771

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...

Victor CMS code-related vulnerabilities

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has code-related vulnerabilities; these vulnerabilities stem from defects in the file upload functionality, which may lead to the upload and execution of malicious PHP files...

PT-2026-5040

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be...

Embedded Malicious Code

Overview @dydxprotocol/v4-client-js is a malicious package. Versions of this package were compromised with malicious scripts in core registry files. Remediation Avoid using all malicious instances of the @dydxprotocol/v4-client-js package. Credit: Kush Pandya...

[SECURITY] [DSA 6111-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6111-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 26, 2026 https://www.debian.org/security/faq -...

Exploit_Scripts

E...

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...

WellChoose Single Sign-On Portal System Cross-Site Script Vulnerabilities

WellChoose Single Sign-On Portal System is a single-sign-on portal system developed by WellChoose, a company based in Taiwan, China. The WellChoose Single Sign-On Portal System has a cross-site scripting vulnerability. This vulnerability stems from the presence of reflective cross-site scripts,...

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...